Javascript Execution with NoScript Bypass
The bug is upstream in Firefox 68esr. It is tracked by Bug 1621996.
Designs
- Show closed items
Activity
-
Newest first Oldest first
-
Show all activity Show comments only Show history only
- Author
For review: https://gitweb.torproject.org/user/sysrqb/torbutton.git/log/?h=bug33613_00
and backport: https://gitweb.torproject.org/user/sysrqb/torbutton.git/log/?h=bug33613_9.0_00
Trac:
Status: new to needs_review - Author
Okay, these were both merged onto their respective branches.
Trac:
Status: merge_ready to needs_information
Keywords: N/A deleted, TorBrowserTeam202003 added We are no longer in March
Trac:
Keywords: TorBrowserTeam202003 deleted, TorBrowserTeam202004 added- Reporter
This ticket looks like a big deal, since it is linked from the 9.0.7 blog post https://blog.torproject.org/new-release-tor-browser-907 with the text "Bug 33613: Disable Javascript on Safest security level"
So: is it actually in state 'needs_information', or was that a mistake in comment:3?
And: Can we give it a title more helpful than "811786"? :)
Thanks!
- Author
The patches above disabled javascript execution, as a safe guard. The original NoScript migration for this Firefox bug was incomplete. We believe the current mitigation in NoScript successfully avoids the bug, but I want to give enough time for more people to poke at it before thinking about relying on NoScript completely for blocking javascript execution on the Safest security level.
Trac:
Summary: 811786 to Javascript Execution with NoScript Bypass
Description: Placeholder.to
The bug is upstream in Firefox 68esr. It is tracked by Bug 1621996.
- Roger Dingledine mentioned in issue legacy/trac#33879 (moved)
mentioned in issue legacy/trac#33879 (moved)
- Trac moved from legacy/trac#33613 (moved)
moved from legacy/trac#33613 (moved)
- Trac added Bug Needs Information labels and removed 1 deleted label
added Bug Needs Information labels and removed 1 deleted label
- Trac removed 1 deleted label
removed 1 deleted label
- Georg Koppen mentioned in issue #40082 (closed)
mentioned in issue #40082 (closed)
- Developer
We are done here and will revert the fixes for Tor Browser 10 over in #40082 (closed).
- Georg Koppen closed
closed